Ok, something odd happened I would love some feedback/ideas on: We had 4.1.2 running on Fedora that we used for, among other things, OTP authentication. I have just upgraded these to CentOS 7 with 4.1.4 running and our OTP setup suddenly became very unstable.
Things that have changed during the upgrade that may be contributing to this:

* OS went from Fedora to CentOS 7
* Version of the IPA code went from 4.1.2 to 4.1.4
* Anonymous LDAP access was disabled
* Directory Manager password was changed (to solve an unrelated problem)
* An attempt to reduce the number of supported ciphers for LDAPS (port 636)
* Ditto for the SSL port for Apache.

Symptoms:

* Even before the upgrade was completed (one server, the one auth was being attempted against, was still running old code), it would not authenticate an LDAP connection using the password+otp format. Password alone worked fine.
* After the update I tried to log in to the IPA UI using password+otp - it was not working. So I logged in without otp and added a new OTP code. After that, suddenly I could use both the old and the new token generators to log in... but not all the time... the new one was more consistent, but failed from time to time too. This is happening to at least one other user, so I think the issue is not associated with the user account.
* At no time did the sync token UI work. It always says wrong/invalid token.

I really need this to work - any ideas/suggestions would be appreciated.

-M